Posts Tagged ‘uefi’

Introduction

Theoretically, a notebook running Linux should be inexpensive, since you don’t need a Windows license and Linux runs well without premium hardware. In reality, buying a Linux notebook tends to be expensive and tends to mean premium hardware. There are companies like Purism and System76 that produce Linux-only laptops, but these are high-end and expensive. Similarly, companies like Dell seem to charge extra if you want Linux. In this article we’ll look at some options for running Linux inexpensively. We’ll look at the tradeoffs, including privacy and security.

Used, Refurbished or Discounted Windows Notebooks

Windows Notebooks have the advantage of mass-production and competition. There are tons of companies producing Windows notebooks. You can find great deals on sale, plus there is a huge market of refurbished lease returns that offer great deals. Also, companies take returns from retailers like Amazon, make sure they are ok and then sell them at a big discount. You then need to install your favorite Linux distribution and then you are up and running. You can even set it up so you can dual boot either Linux or Windows.

If you are concerned about privacy and security, then the downside of Windows notebooks is that they run the UEFI BIOS. This BIOS has backdoors built in so the NSA, and probably other governments, can remotely take control of your computer.

All that being said, if a notebook runs Windows well, it will run Linux better. A great way to bring an old, slow laptop or notebook back to life is to wipe Windows and replace it with Linux. I’m writing this on an old HP laptop which became slower and slower running Windows 10. Now with Ubuntu Linux, it runs great. No more Windows bitrot and it has a whole new life.

Chromebooks

Even cheaper than Windows notebooks are Chromebooks. These are notebooks designed to run Google’s ChromeOS. These notebooks are cheaper because they don’t require a Windows license and they usually don’t include a hard drive. Instead of a hard drive they have a small memory card, usually 16GB or 32GB. Chrome OS is based on a Linux kernel, but restricts you in a few ways. You need to sign on using a Google ID, then you install apps (basically Android apps) via the Google Play store.

Earlier versions couldn’t run regular Linux apps; however, Google has been relaxing this and now allows you to install and run many Linux apps and run a terminal window. Over time Chrome OS has been slowly morphing into full Linux, from being just a portal to Google’s web apps to being a full client operating system. However, I find Chrome OS is still too limiting and there is the issue of having to sign on with Google.

Out of the box, you can’t just install Linux on a Chromebook. The BIOS is locked to only running Chrome OS. The BIOS in Chromebooks is based on the open source Coreboot, which is good; however, they modified it without providing the source code, so we don’t know if they added hooks for the NSA to spy on you. The Google BIOS does provide a developer mode. This developer mode gives you a root access terminal session and allows you to install and run flavours of Linux from inside Chrome OS using a set of shell scripts called crouton. Many people prefer this method as they get both Linux and Chrome OS at the same time.

Upgrade the BIOS

If you want to boot directly into an alternate OS, you usually need to upgrade the Chromebook’s BIOS to allow this. I bought an inexpensive refurbished Dell Chromebook 11 off Amazon for $100 (CAD). There are two ways to do this, one is reversible, the other isn’t and you run the risk of bricking your device. The Dell’s BIOS is divided into two parts, one is upgradable, and can be reversed using a recovery USB stick. The other requires disassembling the notebook, removing a BIOS write protect tab and then burning the whole BIOS.

I went the reversible route. I made a recovery USB stick and upgraded the BIOS to support booting other operating systems. This isn’t perfect, as you are still using Google’s unknown BIOS and you have to hit control-L every time you boot to run your alternate operating system.

The reason people will risk replacing their whole BIOS is to get a pure version of Coreboot that hasn’t been tampered with by Google. You then have full control of your computer, no developer mode and no control-L to boot. Perhaps one day I’ll give this a try.

Once you have your BIOS updated, you can install Linux from a USB stick. I chose to install GalliumOS, which is tailored for Chromebooks. It installs a minimal Linux, since it knows Chromebooks don’t have much disk space. It also includes all the drivers needed for typical Chromebook trackpads, bluetooth and Wifi. The Gallium OS website has great information, with links to how to upgrade your BIOS and otherwise prepare and complete a successful upgrade.

Another choice is LUbuntu (Light Ubuntu), which is Ubuntu Linux optimized for low memory hardware. I didn’t like this distro as much, probably because it is so optimized for low memory, whereas I have 4GB memory, it is disk space I’m short of (only 16GB). So I didn’t really need the low memory desktop, and would have preferred LibreOffice being left out.

A great source of info on updating Chromebook BIOSes is MrChromebox. It’s interesting because they also have lots of information on how to install UEFI BIOS on a Chromebook, so you can use it as a cheap Windows notebook. You could install UEFI and then run Linux, but why would you want to? Unless you want to be helpful to the NSA and other government spy agencies.
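After a firmware change like the ones described in this section, you can confirm from the running Linux system which firmware and boot interface you actually ended up with. The script below is an added example, not part of the original post or of the GalliumOS or MrChromebox tooling; it assumes a Linux sysfs layout, assumes coreboot-based firmware reports "coreboot" as its DMI BIOS vendor, and uses a constructed sample tree for the demonstration.

```shell
#!/bin/sh
# Added example: classify boot firmware from sysfs. Each function takes an
# optional sysfs root so it can run against a constructed tree or the real /sys.

SB_VAR="SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"  # EFI global variable GUID

firmware_kind() {
    root="${1:-/sys}"
    vendor=""
    if [ -r "$root/class/dmi/id/bios_vendor" ]; then
        vendor=$(cat "$root/class/dmi/id/bios_vendor")
    fi
    # /sys/firmware/efi exists only when the kernel was booted through UEFI.
    if [ -d "$root/firmware/efi" ]; then iface="uefi"; else iface="legacy"; fi
    case "$vendor" in
        *[Cc]oreboot*) base="coreboot" ;;   # assumption: coreboot names itself here
        "")            base="unknown" ;;
        *)             base="vendor" ;;
    esac
    echo "$base/$iface"
}

secure_boot_state() {
    var="${1:-/sys}/firmware/efi/efivars/$SB_VAR"
    if [ ! -r "$var" ]; then echo "n/a"; return 0; fi
    # efivarfs files start with 4 attribute bytes; the 5th byte is the value.
    val=$(od -An -tu1 -j4 -N1 "$var" | tr -d ' \n')
    if [ "$val" = "1" ]; then echo "enabled"; else echo "disabled"; fi
}

# Constructed sample tree (not real hardware): coreboot with a UEFI payload,
# Secure Boot variable present but set to 0.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/class/dmi/id" "$t/firmware/efi/efivars"
    echo "coreboot" > "$t/class/dmi/id/bios_vendor"
    printf '\006\000\000\000\000' > "$t/firmware/efi/efivars/$SB_VAR"
    echo "$t"
}

sample=$(make_sample_tree)
echo "sample:       $(firmware_kind "$sample") secure-boot=$(secure_boot_state "$sample")"
echo "this machine: $(firmware_kind) secure-boot=$(secure_boot_state)"
rm -rf "$sample"
```

The two halves of the result are independent: the first names the firmware vendor, the second the boot interface the kernel saw, so a coreboot build with a UEFI payload shows up as `coreboot/uefi`.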

Impressions/Summary

Sadly, running Linux on a converted Windows notebook gives the better experience. At this point, despite the privacy concerns, the UEFI BIOS works better with Linux than Coreboot. On the Chromebook, besides the nuisance of having to hit control-L every time it boots, I found some things just didn’t work well. The main problem I had was with closing and opening the lid on the notebook: Linux’s suspend function didn’t work properly. Often when I opened the lid, Linux didn’t unsuspend and I’d have to do a hard power off and power on, which then resulted in a disk corruption scan. Otherwise bluetooth, wifi and the trackpad work fine.

I also think the small memory cards are a problem. I think you’re better off booting from a regular SSD hard drive. These are inexpensive and give you way more space with better performance. I wish there was a cheap Chromebook with an M.2 interface. Or even one where the memory card isn’t glued to the motherboard and in an accessible location.

I really want an inexpensive notebook with privacy and security. The best option right now is to convert a Chromebook over to full Coreboot and then run a privacy oriented version of Linux like PureOS, but right now this is quite a DIY project.

Introduction

2019 is the 50th anniversary of Unix and the 25th anniversary of Linux. Last weekend, I attended the 20th LinuxFest Northwest 2019 show in Bellingham at the Bellingham Technical Conference. A great celebration with over 1200 attendees and 84 speakers. Most of the main Linux distributions were represented along with many hardware, software and service companies associated with Linux.

I attended many great presentations and learned quite a lot. In this article, I’ll give a quick survey of what I got out of the conference. In each time slot there were typically ten talks to choose from and I chose the one that interested me the most. I tended to go to the security and overview presentations.

Computers are Broken

The first presentation I went to was “Computers are Broken (and we’re all going to die)” by Bryan Lunduke. This presentation laid out the problems with the continued increase in the complexity of all software, and how this is slowing down current development, since programming teams need to be much larger and understanding what is already there is so difficult. He gave his presentation running Windows for Workgroups 3.11 and Powerpoint 4. His point was he can do everything he needs with this, but with way less RAM, disk space and processing power. There were lots of arguments on how software gets into everything and how hard it is to test; it is getting quite dangerous. Just look at Boeing’s problems with the 737 Max.

50 Years of Unix

Next I went to Maddog’s presentation on “50 Years of Unix, the Internet and more”. Maddog has been around Unix the whole time and had a lot of great stories from the history of Unix, Linux and computers. He spent most of his career at DEC, but has done many other things along the way.

Freedom, Security and Privacy

Then I went to Kyle Rankin’s talk, which started with a slide on Oxford commas and why there is only one comma in the title of his presentation. The Linux community has some very paranoid people and maintaining security and privacy are major themes of the conference. One of the most hated items by the Linux community is the UEFI BIOS and how it gives corporations and governments backdoors into everyone’s computers. If you can, get a computer with a CoreBoot BIOS which is open source and lacks all these security problems. One claim is that security in Linux is better because there are so many eyes on it, but he makes the point that unless they are the right eyes, you don’t really gain anything. Getting the best security researchers to test and analyse Linux remains a challenge. Also people tend to be a bit complacent on where they get their software, even if it’s open source, they don’t build it themselves, leaving room for bad things to be inserted.

Early Technology and Ideas for the Future

Jeff Fitzmaurice gave a presentation that looked at some examples from the history of science and how various theoretical breakthroughs led to technological developments. Then there was speculation on what developments in science happening now will lead to future technological developments. We discussed AI, materials science and quantum computing, among others.

Ubuntu 19.04+

I went to Simon Quigley’s presentation on Ubuntu, mostly because I use Ubuntu, both on this laptop and on my NVidia Jetson Nano. This talk covered what is new in 19.04 (Disco Dingo) and how work is going towards 19.10 (note the version numbers are year.month of the release target). I’ve been running the LTS (long term support) version and I was surprised to find out they only do an LTS every two years, so when I got home, I changed my configuration to install any new released version. It was interesting how they need to get open source contributors to commit to the five year support commitment of the LTS.

People were present that work on all the derivatives like Kubuntu and Lubuntu. Most of the work they do actually goes in the upstream Debian release, which benefits even more people.

The Fight for a Secure Linux Bios

David Spring gave this presentation on all the evils of UEFI and why we need CoreBoot so badly. He has a lot of stories on the evils done by the NSA, including causing the Deepwater Horizon disaster. When the NSA released the second version of Stuxnet to attack the Iranian nuclear program, it got away on them. The oil industry uses a lot of the same Siemens equipment and got infected. Before the disaster, Deepwater Horizon’s monitoring computers were all down, because of the NSA and Stuxnet. If not for the NSA, they would have detected the problem and resolved it without the disaster. For all the propaganda on Chinese and Russian hacking, the NSA employs 100 hackers for every single Chinese one. Their budget is huge.

Past, Present and Future of Blockchain

My friend Clive Boulton (from the GWT days) gave this presentation on the commercial uses of blockchain. This had nothing to do with cryptocurrencies and was on using the algorithms to secure and enable commercial transactions without third party intermediaries. The presentation covered a number of frameworks like Hyperledger and Openchain that enable blockchain for application developers.

Zero Knowledge Architecture

M4dz’s presentation showed how to limit access to application data, for instance to stop insurance companies seeing your medical records. Zero knowledge protocols find ways to tell if you have knowledge without getting that knowledge. For instance if you want to know if someone can access a room, you can watch them open the door, you don’t need to get a copy of the key. Similarly you can watch a service use a password, without giving you the password. These protocols are quite difficult, especially when you get into key recovery procedures, but ultimately if these gain traction we will all get better privacy.

Linux Gaming – the Dark Ages, Today and Beyond…

Ray Shimko’s presentation covered the state of Linux gaming from all the old console emulators to native ports of games where the source code has been released, to better packaging of all the layers required to run Windows games (right version of Wine, etc.). There are a lot of games on Linux now, but sadly the newest hot releases lag quite a while before showing up.

One interesting story is how the emulator contributors are trying to deal with games like “Duck Hunt”. Duck Hunt came with a gun you pointed at the TV to shoot the ducks. The way this worked was that when you pressed the trigger, the game would flash the screen white. On a CRT this meant the refresh would scan down the screen in 1/60th of a second. A sensor in the gun would record when it saw white and by measuring the time difference, the software would know where the gun was pointing. The problem is that modern screens don’t work that way, so this whole aiming technique doesn’t work. Evidently a workaround is forthcoming.

Q&A

The conference ended with a Q&A session hosted by Maddog, Kyle Rankin and Simon Quigley. The audience could ask whatever they wanted and perhaps got an answer or perhaps got a story. Lots of why doesn’t Linux do X and how can I contribute to Y.

Summary

Hard to believe Linux is 25 years old already. This is a great show and in the spirit of free software the show is also free to attend. Lots of interesting discussion and it’s refreshing to see software developing where users really want it to, rather than what you see under various corporate agendas.

When you buy a new computer, make sure it uses Coreboot BIOS and not UEFI.